Information Disclosure in Cisco Linksys Wireless Video Camera
CVE-2009-1560

Currently unrated

Key Information:

Vendor: Cisco
Status: Wvc54gc
Vendor: CVE Published:; 6 May 2009

Summary

The Cisco Linksys WVC54GCA wireless video camera versions 1.00R22 and 1.00R24 contain a serious security vulnerability where sensitive information, such as passwords and wireless network keys, is stored in cleartext. This issue resides in the files 'pass_wd.htm' and 'Wsecurity.htm', which, if accessed by an attacker, can lead to unauthorized retrieval of crucial data through HTML source code exposure. Unsuspecting users of this camera should be aware that an attacker can exploit this vulnerability to gain insight into one’s wireless network configurations and credentials.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/50410

vdb-entryx_refsource_XF

http://www.vupen.com/english/advisories/2009/1173

vdb-entryx_refsource_VUPEN

http://www.gnucitizen.org/blog/hacking-linksys-ip-cameras...

x_refsource_MISC

Timeline

Vulnerability published
May 6, 2009
Vulnerability Reserved
May 6, 2009